Digest HTTP authentication #111
Comments
|
Might be more useful to have a reverse proxy handle this (and optionally TLS) rather than creating another aspect to maintain in rest-server (when reverse proxies already do it so well and simply)? Just a thought :) |
|
This is one possible solution. I also considered this. But in such case we need option to get authenticated username from proxy. At least for multi-repo layout. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Output of
rest-server --versionrest-server 0.9.7 (v0.9.8-25-g924f6c9) compiled with go1.14.2 on linux/amd64
What should rest-server do differently?
It'll be cool to support Digest or some other HTTP authentication scheme without transmitting plaintext login/password.
What are you trying to do? What is your use case?
I've just found that using TLS causes pretty observable overhead. Most of data is already encrypted except file paths and authentication credentials. So once non-plaintext authentication is implemented, it should be pretty safe to use it without TLS.
May be related: golang/go#29409
Did rest-server help you today? Did it make you happy in any way?
Yes :)
The text was updated successfully, but these errors were encountered: